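# Nuclei template: detects Apache servers whose 406 Not Acceptable response
# lists the file variants that exist for a requested base name.
# One GET is sent with an Accept value no variant can satisfy; the response is
# then checked for the 406 status and the variant-list markers below.
id: apache-filename-enum

info:
  name: Apache Filename Enumeration
  author: geeknik
  severity: low
  description: >-
    If the client provides an invalid Accept header, the server will respond
    with a 406 Not Acceptable error containing a pseudo directory listing.
  # The second reference attributes the listing to mod_negotiation; the fix is
  # a server configuration change, not an application change.
  remediation: >-
    Disable content negotiation where it is not needed, for example by turning
    off MultiViews (Options -MultiViews) for the affected directories, so that
    406 responses no longer list available variants.
  reference:
    - https://hackerone.com/reports/210238
    - https://www.acunetix.com/vulnerabilities/web/apache-mod_negotiation-filename-bruteforcing/
  tags: apache,misconfig,hackerone
  metadata:
    max-request: 1

http:
  - method: GET
    headers:
      # Deliberately unsatisfiable media type, so negotiation fails with 406.
      Accept: "fake/value"
    path:
      # Extension-less name: negotiation only happens when the exact file
      # does not exist but variants of it (index.html, index.php, ...) may.
      - "{{BaseURL}}/index"

    # Both matchers must hit: the status alone is not specific enough, and the
    # words alone could appear in an unrelated page body.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 406
      - type: word
        words:
          - "Not Acceptable"
          - "Available variants:"
          # NOTE(review): this footer string appears to require the server
          # signature to be enabled and to carry no version token; hosts that
          # hide the signature or print "Apache/x.y" would leak the variant
          # list without matching here. Confirm whether that false negative
          # is acceptable before relying on a clean result.
          - "<address>Apache Server at"
        condition: and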